International Association
for Cryptologic Research

The Department of Computer Science at Technical University of Darmstadt invites applications for the position of a Full Professor (W3) for Cybersecurity.

We are looking for an outstanding scientist who will represent the topic area of cybersecurity in research and teaching. Successful candidates should demonstrate an outstanding scientific profile, with high-impact research contributions in the area of cybersecurity. A research profile that focuses on emerging application areas (e.g., machine learning & data science, IoT, decentralized systems) or on core topics of cybersecurity (e.g., hardware and network security, privacy) is desired. Successful collaboration in international research teams, with industry, or across research disciplines is desirable.

The professorship is expected to strengthen the department’s research focus on cybersecurity and offers the opportunity to participate in joint research projects currently running at Technical University of Darmstadt. This in particular includes the DFG Collaborative Research Center “CROSSING”, the National Research Center for Applied Cybersecurity ATHENE, and the Hessian Center for Artificial Intelligence.

In addition to excellent scientific credentials, we seek a strong commitment to teaching and experience in attracting third-party funding as well as participation in academic governance. The Technical University of Darmstadt has a strong focus on engineering science and information and communication technology. The Department of Computer Science is one of the leaders in research and teaching and regularly ranked among the top German departments.

Please submit applications in English with the usual attachments (CV including research and teaching achievements, list of publications, copies of diplomas) as well as a research and teaching statement, quoting the code number 221, to the Chair of the Department of Computer Science, Prof. Dr. Felix Wolf (dekanat@informatik.tu-darmstadt.de).

Further information: https://www.tu-darmstadt.de/universitaet/karriere_an_der_tu/stellenangebote/aktuelle_stellenangebote/stellenausschreibungen_detailansichten_1_40864

Closing date for applications:

Contact: Sebastian Faust, sebastian.faust@cs.tu-darmstadt.de

More information: https://www.tu-darmstadt.de/universitaet/karriere_an_der_tu/stellenangebote/aktuelle_stellenangebote/stellenausschreibungen_detailansichten_1_408640.en.jsp

The Cybersecurity and Data Analytics research group at the University of Mondragon is looking for qualified applicants for a PhD position in Post-Quantum Cryptography (PQC).

Currently standardized public key cryptography, upon which widely deployed secure internet protocols depend on, is vulnerable to Shor’s polynomial-time quantum algorithm for the factoring and discrete logarithm problems. Moreover, substantial advances in quantum computing in the past decade have re-assured the scientific community about the necessity to build quantum-resistant cryptosystems.

PQC has raised as the preferred solution to face the threat that quantum computers pose to secure communications systems. The ongoing standardization process run by the National Institute of Standards and Technology to define new standards for public-key encryption, digital signatures and key-exchange schemes has only augmented the attention towards PQC.

There exist several alternative problems to classical public key cryptography. Lattice-based cryptography, multivariate cryptography, hash-based cryptography schemes, isogeny-based cryptography and code-based cryptography can be used to design cryptosystems secure against both classical and quantum computers and are thus regarded as PQC algorithms.

There exist many paramount ingredients to take into account when considering the transition of secure internet protocols such as TLS, OpenVPN, or WireGuard to PQC. For instance, one of the main challenges that PQC raises is that, when compared to classical public key cryptography, its key sizes, ciphertext sizes or signature sizes, are often much larger. Also, the performance of PQC algorithms is generally worse than the one provided by present standards, and all these aspects vary depending on the specific PQC algorithm.

We are looking for students who are willing to conduct research on the impact of transitioning nowadays widely deployed secure internet protocols to post-quantum cryptography.

Closing date for applications:

Contact: Marc Manzano

There is a job opening for a senior scientist (i.e. a fixed-term, non-tenured assistant professor) at the Cybersecurity Research Group at AAU (Klagenfurt). AAU is a young university: in 2018 it was in the QS top 50 under 50 list; it ranked 6th of all Austrian Universities in 2020.

The lecturer position is fixed-term for 3.5 years. The successful applicant is expected to do a small amount of teaching (2-4 contact/lecture hours per week during term time, subject specific only i.e. no service teaching) whilst contributing to the wider research agenda of the Cybersecurity group.

The Cybersecurity group (www.cybersecurityresearch.at) was recently established by Prof. Elisabeth Oswald (ERC Cog, EPSRC Leadership fellow) after her move from Bristol (UK) to Austria. The group's core expertise is in applied aspects of cryptography, in particular with statistical techniques that deal with the detection and exploitation of information leakage. The group wants to expand its repertoire, e.g. towards data intensive aspects of cybersecurity more generally and therefore seeks to appoint somebody with a a background in statistics/data science/AI who has an interest in cybersecurity applications of their research; or towards other relevant areas of (applied) cryptography including embedded security.

The minimum monthly gross salary for this position amounts to € 3.9k (14 times per year) and can increase to € 4.5k (x14) maximum in the case of consideration of previous occupational experience. The fixed-term employment contract is expected to commence in August 2020 (but this is negotiable). All details can be found here: https://jobs.aau.at/en/job/senior-scientist-all-genders-welcome-2/.

Informal enquiries can be directly directed to Elisabeth . Oswald@aau.at Formal applications have to be made via the AAU jobs portal: https://jobs.aau.at/en/ AAU is an equal opportunities employer and therefor particularly encourages applications of female researcher and in general researchers from underrepresented groups.

Closing date for applications:

Contact: Elisabeth . Oswald @ aau . at

More information: https://jobs.aau.at/en/job/senior-scientist-all-genders-welcome-2/

CAP-TEE: Capability Architectures for Trusted Execution

Trusted Execution Environments (TEEs) shield computations using security-sensitive data (e.g. personal data, banking information, or encryption keys) inside a secure "enclave" from the rest of the untrusted operating system. A TEE protects its data and code even if an attacker has gained full root access to the untrusted parts of the system. In this project, we will use capability architectures (as e.g. developed by the CHERI project) to protect TEEs against such state-of-the-art attacks. We address a wide range of threats from software vulnerabilities such as buffer overflows to sophisticated hardware attacks like fault injection. CAP-TEE will provide a strong, open-source basis for the future generation of more secure TEEs: https://cap-tee.org/

The project is led by David Oswald. Our industrial project partners are also devoting time to the project, and the PhD student will have the opportunity to work with them.

The studentship covers a stipend and tuition fees based on UK home student rates (nb: the studentship does not cover the full tuition fees for overseas students.).

Candidates should have a good background in computer science. One focus will be on improving and evaluating the security of capabilty architectures; suitable candidates will hence need a strong background in system-level programming (e.g. using C or C++). We also expect a first-class UG or PG degree in a relevant subject (e.g. computer science or electrical engineering).

How to apply: There is no deadline for applying. The PhD candidate is expected to start in summer/autumn 2021. We will process applications as they arrive. To apply, please send your CV, a transcript with a list of courses and grades, and a description of your research interests to d.f.oswald (at) bham.ac.uk.

Closing date for applications:

Contact: Dr David Oswald

More information: https://www.cs.bham.ac.uk/~oswalddf/phd-projects.php

This is an exceptional opportunity to join the University of Manchester’s developing work in Cyber Security.

The Department of Computer Science is investing for growth in the Computer Science aspects of Information and Cyber Security. You will contribute to our portfolio of research and teaching in cyber security, and be willing to engage across discipline boundaries to apply your work. This will include engaging with a variety of business stakeholders and national agencies and government departments.

You will be part of a pan-university community contributing to Digital Trust and Security, including – but not restricted to – privacy, trust, data protection (School of Social Sciences), cybercrime, criminals, victims (School of Law) and work place security (Alliance Manchester Business School).

The Department of Computer Science is a leading research institution, and values exceptional researchers. You will publish to the highest standards, secure external research funding, pursue real-world impact, and contribute to the PGR training programmes within the Department.

The Department values exceptional teachers. You will play a key role in maintaining our reputation as an institute of learning – designing and delivering innovative undergraduate (UG) and postgraduate (PG) topics, not only in Cyber Security, but also across the spectrum of Computer Science. Exceptional teachers are encouraged to demonstrate this in their application.

Closing date for applications:

Contact: Enquiries about the vacancy, shortlisting and interviews: Name: Professor Robert Stevens

Email: robert.stevens@manchester.ac.uk

More information: https://www.jobs.manchester.ac.uk/displayjob.aspx?isPreview=Yes&jobid=20096

Event date: 1 September to 2 September 2021
Submission deadline: 12 June 2021
Notification: 24 July 2021

Event date: 15 November 2021
Submission deadline: 25 June 2021
Notification: 13 August 2021

The Herbert Wertheim College of Engineering at the University of Florida (UF) invites applications for a full-time, nine-month tenure track faculty position at the rank of Assistant/Associate/Full Professor in the Department of Electrical and Computer Engineering, or the Department of Computer & Information Sciences & Engineering (CISE). Candidates are sought whose research focuses on fully homomorphic encryption (FHE) and who are interested in collaborative research with the Florida Institute for Cybersecurity (FICS) Research, housed within the Herbert Wertheim College of Engineering. FICS Research is the nation’s premier multidisciplinary research institute focused on the advancement of cybersecurity with major partnerships and collaborations among industry, academe, and government. FICS Research covers all aspects of cybersecurity and assurance including hardware, network, mobile, big data, Internet of Things, applied crypto, social sciences, law, and more. The institute’s direct support of industry and government partners also enhances the educational experience and outcome for a diverse set of top-quality graduate and undergraduate students. Engineers and scientists interested in emerging FHE cryptographic applications and implementation will find a wealth of opportunities for supportive and multi-disciplinary collaboration in this position. The University of Florida is the flagship campus of the State of Florida university system and is ranked as the #6 best public US university according to US News and World Report. UF recently announced a $70 million artificial intelligence partnership with NVIDIA to create an AI-centric data center that houses the world's fastest AI supercomputer in higher education. Of particular relevance to this new faculty position, the HWCOE is in the process of creating the programmatic backbone to UF’s efforts to change the future of education and workforce development through university-wide AI training and experiential learning efforts. The Department of ECE in the HWCOE is a vibrant, multidisciplinary highly collaborative environment, consistently ranked among the top departments for both graduate and undergraduate progr

Closing date for applications:

Contact: tehranipoor@ufl.edu

More information: https://facultyjobs.hr.ufl.edu/posting/87357

About the Role: The candidate will be expected to research cryptographic protocols that will be useful in blockchain applications or more generally. They will additionally dedicate some fraction of their time to projects that more directly benefit Ethereum. There is a lot of flexibility to work on topics they find interesting and also to collaborate with other teams for example in academia. We have a culture of open source and no patents will be put on any work they produce. The role is remote. The position is permanent however the details of the contract will depend on the location and personal circumstances of the candidate.

Requirements: The successful candidate will have a PhD in either cryptography, consensus, or a closely related field. They will have a strong track record of publishing in top tier conferences and a clear vision of how they wish to continue their research for the benefit of blockchain and other communities. They will be comfortable working both independently and as part of a larger team. The candidate should be able to prototype their protocols/algorithms in a programming language of their choice.

The focus of this position is on Zero Knowledge Virtual Machines. Experience with the following is an advantage but not required:

• Zero-Knowledge proof schemes such as Pairing-based SNARKs (Groth16, PLONK), Bulletproofs, STARKs, etc.
• Different arithmetization schemes such as AIR, R1CS, PLONK.
• Different methods of implementing recursive SNARKs.
• Implementing RAM in SNARKs, e.g. TinyRAM.
• Knowledge of how virtual machines work and how to scale them.

Interested candidates that have more diverse skills but do not fit the above requirements should also consider applying as there may be other roles within the foundation.

Closing date for applications:

Contact: Please email cryptography@ethereum.org with a CV and a short document (either 1 or 2 pages) detailing how you have personally contributed to each of your publications. If you have contributed to any open source projects then additionally discuss this in the short document or provide links.

We study the randomness complexity of interactive proofs and zero-knowledge proofs. In particular, we ask whether it is possible to reduce the randomness complexity, $R$, of the verifier to be comparable with the number of bits, $C_V$, that the verifier sends during the interaction. We show that such \emph{randomness sparsification} is possible in several settings. Specifically, unconditional sparsification can be obtained in the non-uniform setting (where the verifier is modelled as a circuit), and in the uniform setting where the parties have access to a (reusable) common-random-string (CRS). We further show that constant-round uniform protocols can be sparsified without a CRS under a plausible worst-case complexity-theoretic assumption that was used previously in the context of derandomization.

All the above sparsification results preserve statistical-zero knowledge provided that this property holds against a \emph{cheating verifier}. We further show that randomness sparsification can be applied to honest-verifier statistical zero-knowledge (HVSZK) proofs at the expense of increasing the communication from the prover by $R-F$ bits, or, in the case of honest-verifier perfect zero-knowledge (HVPZK) by slowing down the simulation by a factor of $2^{R-F}$. Here $F$ is a new measure of \emph{accessible bit complexity} of an HVZK proof system that ranges from 0 to $R$, where a maximal grade of $R$ is achieved when zero-knowledge holds against a ``semi-malicious'' verifier that maliciously selects its random tape and then plays honestly. Consequently, we show that some classical HVSZK proof systems, like the one for the complete Statistical-Distance problem (Sahai and Vadhan, JACM 2003) admit randomness sparsification with no penalty.

Along the way we introduce new notions of pseudorandomness against interactive proof systems, and study their relations to existing notions of pseudorandomness.

A classic approach to MPC uses preprocessed multiplication triples to evaluate arbitrary Boolean circuits. If the target circuit features conditional branching, e.g. as the result of a IF program statement, then triples are wasted: one triple is consumed per AND gate, even if the output of the gate is entirely discarded by the circuit's conditional behavior.

In this work, we show that multiplication triples can be re-used across conditional branches. For a circuit with $b$ branches, each having $n$ AND gates, we need only a total of $n$ triples, rather than the typically required $b\cdot n$. Because preprocessing triples is often the most expensive step in protocols that use them, this significantly improves performance.

Prior work similarly amortized oblivious transfers across branches in the classic GMW protocol (Heath et al., Asiacrypt 2020, [HKP20]). In addition to demonstrating conditional improvements are possible for a different class of protocols, we also concretely improve over [HKP20]: their maximum improvement is bounded by the topology of the circuit. Our protocol yields improvement independent of topology: we need triples proportional to the size of the program's longest execution path, regardless of the structure of the program branches.

We implemented our approach in C++. Our experiments show that we significantly improve over a naive protocol and over prior work: for a circuit with $16$ branches and in terms of total communication, we improved over naive by $12\times$ and over [HKP20] by an average of $2.6\times$.

Our protocol is secure against the semi-honest corruption of $p-1$ parties.

BFT protocols in the synchronous setting rely on a strong assumption: every message sent by a party will arrive at its destination within a known bounded time. To allow some degree of asynchrony while still tolerating a minority corruption, recently, in Crypto'19, a weaker synchrony assumption called mobile sluggish faults was introduced. In this work, we investigate the support for mobile sluggish faults in existing synchronous protocols such as Dfinity, Streamlet, Sync HotStuff, OptSync and the optimal latency BFT protocol. We identify key principles that can be used to ``compile'' these synchronous protocols to tolerate mobile sluggish faults.

We provide a new remote attestation scheme for secure processor technology, which is secure in the presence of an All Digital State Observing (ADSO) adversary. To accomplish this, we obfuscate session signing keys using a silicon Physical Unclonable Function (PUF) with an extended interface that combines the LPN-PUF concept with a repetition code for small failure probabilities, and we introduce a new signature scheme that only needs a message dependent subset of a session signing key for computing a signature and whose signatures cannot be successfully forged even if one subset per session signing key leaks. Our solution for remote attestation shows that results computed by enclaves can be properly verified even when an ADSO-adversary is present. For $N=2^l$ sessions, implementation results show that signing takes $934.9+0.6\cdot l$ ms and produces a signature of $8.2+0.03\cdot l$ KB, and verification by a remote user takes $118.2+0.4\cdot l$ ms. During initialization, generation of all session keys takes $819.3 \cdot N$ ms and corresponding storage is $3 \cdot 10^{-5} + 0.12 \cdot N$ MB.

We tackle the problems of private learning where an owner wishes to outsource a training task to an honest-but-curious server while keeping its data private, and private collaborative learning where two (or more) mutually distrusting owners outsource respective training data sets to an honest-but-curious server while keeping their data sets private from the server and each other.

The privacy property we provide is information-theoretic in nature, Probably Approximately Correct (PAC) approximation resistance (abbreviated to PAC security). Each owner transforms its data and labels using a private transform. The server combines samples from each data set into expanded samples with corresponding expanded labels -- we refer to this step as Task Augmentation. The server can be used for inference by any owner by sending it transformed samples. Unlike most prior approaches, our transformed data approach maintains privacy for each entity, even in the case where the server colludes with all other entities. Importantly, we show the utility of collaborative learning typically exceeds the utility that can be achieved by any entity restricted to its own data set.

Another important application we show is that the Task Augmentation approach can also be used in the single owner case by adding labeled, learnable noise to amplify privacy. This can be straightforwardly used to produce (Local) Differential Privacy ((L)DP) guarantees. We show that adding labeled noise as opposed to a conventional (L)DP additive noise mechanism significantly improves the privacy-utility tradeoff in private learning under the same setup.

Whilst lattice-based cryptosystems are believed to be resistant to quantum attack, they are often forced to pay for that security with inefficiencies in implementation. This problem is overcome by ring- and module-based schemes such as Ring-LWE or Module-LWE, whose keysize can be reduced by exploiting its algebraic structure, allowing for neater and faster computations. Many rings may be chosen to define such cryptoschemes, but cyclotomic rings, due to their cyclic nature allowing for easy multiplication, are the community standard. However, there is still much uncertainty as to whether this structure may be exploited to an adversary's benefit. In this paper, we show that the decomposition group of a cyclotomic ring of arbitrary conductor may be utilised in order to significantly decrease the dimension of the ideal (or module) lattice required to solve a given instance of SVP. Moreover, we show that there exist a large number of rational primes for which, if the prime ideal factors of an ideal lie over primes of this form, give rise to an ``easy'' instance of SVP. However, it is important to note that this work does not break Ring-LWE or Module-LWE, since the security reduction is from worst case ideal or module SVP to average case Ring-LWE or Module-LWE respectively, and is one way.

We present Hyperproofs, the first vector commitment (VC) scheme that is efficiently maintainable and aggregatable. Similar to Merkle proofs, our proofs form a tree that can be efficiently maintained: updating all $n$ proofs in the tree after a single leaf change only requires $O(\log{n})$ time. Importantly, unlike Merkle proofs, Hyperproofs are efficiently aggregatable, anywhere from 10$\times$ to 100$\times$ faster than SNARK-based aggregation of Merkle proofs. At the same time, an individual Hyperproof consists of only $\log{n}$ algebraic hashes (e.g., 32-byte elliptic curve points) and an aggregation of $b$ such proofs is only $O(\log{(b\log{n})})$-sized. Hyperproofs are also reasonably fast to update when compared to Merkle trees with SNARK-friendly hash functions.

As another added benefit over Merkle trees, Hyperproofs are homomorphic: digests (and proofs) for two vectors can be homomorphically combined into a digest (and proofs) for their sum. Homomorphism is very useful in emerging applications such as stateless cryptocurrencies. First, it enables unstealability, a novel property that incentivizes proof computation. Second, it makes digests and proofs much more convenient to update.

Finally, Hyperproofs have certain limitations: they are not transparent, have linear-sized public parameters, are slower to verify, and have larger aggregated proofs than SNARK-based approaches. Nonetheless, end-to-end, aggregation and verification in Hyperproofs is 10$\times$ to 100$\times$ faster than SNARK-based Merkle trees.

A great challenge for distributed payment systems is their compliance with regulations, such as anti-money laundering, insolvency legislation, countering the financing of terrorism and sanctions laws. After Bitcoin's MtGox scandal, one of the most needed auditing functionalities for financial solvency and tax reporting purposes is to prove ownership of blockchain reserves, a process known as Proof of Assets (PoA). This work formalizes the PoA requirements in account-based blockchains, focusing on the unique hierarchical account structure of the Diem blockchain, formerly known as Libra. In particular, we take into account some unique features of the Diem infrastructure to consider different PoA modes by exploring time-stamping edge cases, cold wallets, locked assets, spending ability delegation and account pruning, among the others. We also propose practical optimizations to the byte-size of PoA in the presence of light clients who cannot run a full node, including skipping Validator updates, while still maintaining the 66.7% Byzantine fault tolerance (BFT) guarantee.

Software implementations of cryptographic algorithms are slow but highly flexible and relatively easy to implement. On the other hand, hardware implementations are usually faster but provide little flexibility and require a lot of time to implement efficiently. In this paper, we develop a hybrid software-hardware implementation of the third round of Supersingular Isogeny Key Encapsulation (SIKE), a post-quantum cryptography algorithm candidate for NIST. We implement an isogeny field accelerator for the hardware and integrate it with a RISC-V processor which also acts as the main control unit for the field accelerator. The main advantage of this design is the high performance gain from the hardware implementation and the flexibility and fast development the software implementation provides. This is the first hybrid RISC-V and accelerator of SIKE. Furthermore, we provide one implementation for all NIST security levels of SIKE. Our design has the best area-time at NIST security levels 3 and 5 out of all hardware and hybrid designs provided in the literature.

Anonymous cryptographic primitives reduce the traces left by the users when interacting over a digital platform. However, they also prevent a platform owner to hold users accountable in case of malicious behaviour. Revocable anonymity offers a compromise by allowing only the manager (and not the other users) of the digital platform to de-anonymize user's activities when necessary. However, such de-anonymization power can be abused too, as a misbehaving manager can de-anonymize all the activities without user's awareness. Previous work propose to mitigate this issue by distributing the de-anonymization power across several entities. However, there is no comprehensive and formal treatment where both accountability and non-frameability (i.e., the inability to falsely accuse a party of misbehavior) for both the user and the manager are explicitly defined and provably achieved.

In this paper we formally define mutual accountability: a user can be held accountable for her otherwise anonymous digital actions and a manager is held accountable for every de-anonymization attempt; plus, no honest party can be framed -- regardless of what malicious parties do.

Instead of distributing the de-anonymization power across entities, instead, we decouple the power of de-anonymization from the power of monitoring de-anonymization attempts. This allows for greater flexibility, particularly in the choice of the monitoring entities.

We show that our framework can be instantiated generically from threshold encryption schemes and succinct non-interactive zero-knowledge. We also show that the highly-efficient threshold group signature scheme by Camenisch et al.(SCN'20) can be modified and extended to instantiate our framework.

Several emerging proof-of-work (PoW) blockchain protocols rely on a “parallel-chain” architecture for scaling, where instead of a single chain, multiple chains are run in parallel and aggregated. A key requirement of practical PoW blockchains is to adapt to mining power variations over time (Bitcoin’s total mining power has increased by a $10^14$ factor over the decade). In this paper, we consider the design of provably secure parallel-chain protocols which can adapt to such mining power variations.

The Bitcoin difficulty adjustment rule adjusts the difficulty target of block mining periodically to get a constant mean inter-block time. While superficially simple, the rule has proved itself to be sophisticated and successfully secure, both in practice and in theory [11, 13]. We show that natural adaptations of the Bitcoin adjustment rule to the parallel-chain case open the door to subtle, but catastrophic safety and liveness breaches. We uncover a meta-design principle that allow us to design variable mining difficulty protocols for three popular PoW blockchain proposals (Prism [3], OHIE [26], Fruitchains [21]) inside a common rubric.

The principle has three components: (M1) a pivot chain, based on which blocks in all chains choose difficulty, (M2) a monotonicity condition for referencing pivot chain blocks and (M3) translating additional protocol aspects from using levels (depth) to using “difficulty levels”. We show that protocols employing a subset of these principles may have catastrophic failures. The security of the designs is also proved using a common rubric – the key technical challenge involves analyzing the interaction between the pivot chain and the other chains, as well as bounding the sudden changes in difficulty target experienced in non-pivot chains. We empirically investigate the responsivity of the new mining difficulty rule via simulations based on historical Bitcoin data, and find that the protocol very effectively controls the forking rate across all the chains.